Five mobile phone service firms fined for sms spoofing

The Tanzania Communications Regulatory Authority (TCRA) has penalised five communication operators for failing to take technical and legal measures to tame information security threats.

 

“Having gone through and considering the Licensees’ defences, the Authority is satisfied that the Licensees’ networks were not secure as SMS spoofing test carried out by the Authority indicated unsecure system that  endangers subscribers information,” read the TCRA statement inter alia.

 

SMS spoofing is a relatively new technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company, product).

SMS Spoofing occurs when a sender manipulates address information. Often it is done in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network. Frequently, these messages are addressed to destinations outside the home network – with the home SMSC essentially being “hijacked” to send messages into other networks.

 

The commutation companies that had been penalised by TCRA are Benson Informatics Limited (Trading as Smart), MIC Tanzania (Trading as TIGO), Airtel Tanzania Limited, Viettel Tanzania Limited (Trading as Halotel) and Zanzibar Telecom Limited (Trading as Zantel).

 

Speaking with newsmen in Dar es Salaam yesterday, the TCRA Director General, Dr Ally Simba said that the named communication operators each had to pay a fine of 25 million/- to the authority by 29th January 2016.

Dr Simba warned that failure by the Licensee to honour the orders, the authority would take further legal and regulatory actions against the operators.

 

“By virtue of Section 17 of the second schedule of the electronic and postal communications Act, Cap 306 of the Laws of Tanzania which empowers the Authority to impose sanctions for violations by any Licensee of any law or order the terms of its license, the authority has decided to take such actions against operators”.

 

He added: “Having gone through and considering the Licensees networks were not secure as SMS spoofing test carried out by the Authority indicated unsecure system that endangers subscriber’s information”

The DG further said that on 16th October 2015, TCRA reminded telecommunications service providers of the requirement to put in place legal and technical measures to safeguard against the use of its network in sending spoofed messages and to immediately blocks the same.

 

 “After the investigations carried out by the Authority on December 16 2015, it was noted with concerns that Benson Informatics Limited, MIC Tanzania, Airtel Tanzania Limited, Viettel Tanzania Limited and Zanzibar Telecom Limited have failed, neglected and refused to heed to the authority’s directives to ensure a secure environment for the connectivity and protections mechanism against information security threats,” he said.

 

He noted: “The Licensees appeared before the Authority between the 21th and 23th December, 2015 to state why legal actions should not be taken for their failure to provide a secure environment for connectivity of their subscriber base by maintaining updated systems that have a protection mechanism against information security threats.”

 

The TCRA boss revealed that they satisfied that the Licensees did not comply with the Authority directives issued and therefore they are in material breach of the provisions on regulation 8 (a) of the Electronic and Postal Communications which is also known as Computer Emergence Response Team regulations.

 

“In the course of exercising its regulatory functions, TCRA has received complaints from consumers regarding unsecure environment in communication services that endangers consumers by allowing fraudsters to send false, deceitful and misleading mesas that aimed at tarnishing the image of the targeted persons or obtaining money fraudulently,” he noted.

 

 He insisted: “TCRA has said that 42 incidents have been reported to the authority and as well as to Police in the last two months of which one incident can cause the loss of about 25 million/-”.

 

For her part, Elizabeth Nzagi from TCRA’s Legal Department said that they had appealed to all consumers of communication services to be cautious when they receive messages asking them to send money, even if the number used is familiar or frequently used to communicate with.

 

Nzagi noted: “Consumer should confirm the message by calling the person requesting money through an alternative number or check with them first before sending money”.

 

The Tanzania Communications Regulatory Authority (TCRA), established by the TCRA Act No. 12 of 2003, is an independent Authority for the postal, broadcasting and electronic communications industries in the United Republic of Tanzania. It merged the former Tanzania Communications Commission and the Tanzania Broadcasting Commission. The TCRA is accountable to the Communications and Technology Ministry. The Information Communication and Technology (ICT) sector reform in Tanzania is notable in that development was influenced by regional, political (national) and technological factors. 

 

Tanzania is one of the few African countries to liberalise the communications sector whereby the Converged Licensing Framework (CLF) is used as a key strategy, in terms of the Tanzania Communications Regulations. 

 

Since inception in 2003, the TCRA has issued a number of regulations to administer the sector, but still faces a number of challenges such as the roll-out of services to under-serviced rural areas.

 

SOURCE: THE GUARDIAN